Macintosh Support - Keychain Management

Managing your Macintosh Keychain

What is a keychain?

The keychain in Mac OS X is Apple’s password management system.

A keychain can store all your passwords for applications, servers, and
websites, or even sensitive information unrelated to your computer, such as
credit card numbers or personal identification numbers (PINs) for bank accounts.

When you connect to a network server, open an email account, or access any
password-protected item that is keychain-aware, your keychain can provide the
password so you don't have to type it.

You start with a single keychain, which is created automatically the first
time you log in to your Mac OS X user account. Your default keychain has the
same password as your login password. This keychain is unlocked automatically
when you log in to Mac OS X and is referred to in Keychain Access menus as the
"login" keychain.

When keychain problems occur

Keychain problems occur when a user's login password does not match their
keychain password. This can be caused by using authentication methods
other than the standard OS X local account system. On campus Macs, many users
log in with their UMKC Exchange account credentials. However, when a
user changes their UMKC Exchange password, the keychain does not recognize the
change automatically. When the password used to log in to the machine does
not match the current keychain password, the keychain does not unlock for use
with password management. The user is able to log on to the machine, but
applications that use the keychain system, such as Safari or Outlook, will
give the user an error message stating that the application wants to use the
"login" keychain and asking for the keychain password. Below is a
typical keychain request for Safari.

If a user clicks Cancel, the message will appear again. If the user
clicks Cancel a second time, the message goes away and the application continues
to open. However, if the warning is cancelled, saved password information
will not be available while using the application.

Changing your keychain password

When a keychain mismatch occurs, the user must change their keychain password
to match the password used to log on to the machine. To change your keychain
password correctly, use the Keychain Access application.
Keychain Access is located in Applications/Utilities. When you run
Keychain Access, it will look similar to the following:

To change your keychain password:

1. Select "login" under the list of keychains.

2. From the menu at the top of the screen, click Edit.

3. Select Change Password for Keychain "login"...

4. Enter the current keychain password. Remember that the "current"
keychain password is the password previously used to log into the machine,
before your most recent password change.

5. Enter your new password and verify. The new password you enter
should match the password you used to log into the machine. For UMKC
users, you should use your current UMKC Exchange password.

When users cannot change their keychain password

Sometimes a user will be unable to change their keychain password. This
can occur if a user forgets what their previous login password was. Also,
if a keychain has become corrupt, its password cannot be changed. In
those instances, it may be necessary to manually delete and recreate the
keychain.

WARNING! Manually deleting your keychain will effectively erase all
stored passwords on the machine. You will have to re-enter passwords that
are normally provided for you automatically. Online passwords, such as
those used to log on to websites in Safari, will have to be re-entered into
your new keychain.

Manually deleting the keychain

This should only be attempted by advanced users or tech support personnel.

1. Open the hidden Library folder. To do this, click the Go menu in the Apple
Finder. While the Go menu is displayed, hold down the Option (Alt) key to reveal
the Library menu option. While still holding the Option (Alt) key, click Library.
The Library window will appear.

2. Delete the user’s login.keychain file (or move it to a different
location). This can be found in the Keychains folder, which is located in the
user’s Library folder.

3. Relaunch Safari, or the afflicted app. On relaunch you will be presented with
the ‘Keychain Not Found’ dialog box, which states that ‘A Keychain cannot be
found to store “Safari” [or other app]’. Click ‘Reset To Defaults’.

4. A dialog asking you to confirm the keychain reset appears. Click “Yes”.

5. Finally you will be prompted to enter the user’s login password in order to
create the new keychain. Do so and click ‘OK’.

6. Relaunch Safari or the afflicted app. That’s it! Problem solved and no more
dialog boxes.
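
Step 2 allows moving the keychain file instead of deleting it. The following is an added example for tech support personnel, not part of the original page: a shell function that archives the file under a timestamped name so the old passwords are not destroyed. The function name, the backup folder, and the handling of login.keychain-db (the file name used by newer macOS releases, which this page does not mention) are assumptions.

```bash
# Added example, not from the original page.
# archive_login_keychain KEYCHAINS_DIR BACKUP_DIR
#   Moves login.keychain (and login.keychain-db, if present) out of
#   KEYCHAINS_DIR into BACKUP_DIR under a timestamped name.
#   Prints each archive path. Returns 1 if no keychain file was found,
#   2 on any other error.
# Typical call (paths are assumptions for the account being repaired):
#   archive_login_keychain "$HOME/Library/Keychains" "$HOME/keychain-backup"
archive_login_keychain() {
    keychains_dir=$1
    backup_dir=$2
    stamp=$(date +%Y%m%d-%H%M%S)
    moved=0

    if [ ! -d "$keychains_dir" ]; then
        echo "no such folder: $keychains_dir" >&2
        return 2
    fi

    # Archived keychains still hold encrypted passwords: owner-only access.
    mkdir -p "$backup_dir" && chmod 700 "$backup_dir" || return 2

    for name in login.keychain login.keychain-db; do
        src=$keychains_dir/$name
        [ -f "$src" ] || continue
        dest=$backup_dir/$name.$stamp
        # Never overwrite an earlier archive of the same keychain.
        if [ -e "$dest" ]; then
            echo "refusing to overwrite $dest" >&2
            return 2
        fi
        mv "$src" "$dest" && chmod 600 "$dest" || return 2
        echo "$dest"
        moved=$((moved + 1))
    done

    if [ "$moved" -eq 0 ]; then
        echo "no login keychain found in $keychains_dir" >&2
        return 1
    fi
    return 0
}
```

After the function succeeds, continue with step 3. The archived file stays encrypted with the old keychain password and can be opened in Keychain Access later if that password is remembered.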